'World's biggest cyber spy network'....

iVillage Member
Registered: 03-18-2000
Sun, 03-29-2009 - 11:05am

'World's biggest cyber spy network' snoops on classified documents in 103 countries

Complete article at link....

http://www.timesonline.co.uk/tol/news/uk/crime/article5996253.ece

Sunday Times: spy chiefs fear Chinese attack

A cyber spy network operated from China hacked into classified documents on government and private computers in 103 countries, internet researchers have revealed.

The spy system, which investigators dubbed GhostNet, compromised 1,295 machines at Nato and foreign affairs ministries, embassies, banks and news organisations across the world, as well as computers used by the Dalai Lama and Tibetan exiles.

The work of Information Warfare Monitor (IWM) investigators focused initially on allegations of Chinese cyber espionage against the Tibetan exile community but led to a much wider network of compromised machines.

IWM said that, while its analysis pointed to China as the main source of the network, it had not been able conclusively to identify the hackers. The IWM is composed of researchers from an Ottawa-based think tank, SecDev Group, and the University of Toronto's Munk Centre for International Studies.

The researchers found that more than 1,295 computers had been affected at the ministries of foreign affairs of Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan. They also discovered hacked systems in the embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan.

The remote spying operation is thought to be the most extensive yet uncovered in the political world and is estimated to be invading more than a dozen new computers a week. Other infected computers were found at Deloitte & Touche in New York.

The IWM report said: "GhostNet represents a network of compromised computers resident in high-value political, economic, and media locations spread across numerous countries worldwide. At the time of writing, these organisations are almost certainly oblivious to the compromised situation in which they find themselves. The computers of diplomats, military attachés, private assistants, secretaries to Prime Ministers, journalists and others are under the concealed control of unknown assailant(s)."

"Almost certainly, documents are being removed without the targets’ knowledge, keystrokes logged, web cameras are being silently triggered, and audio inputs surreptitiously activated."

The investigators went to India, Europe and North America to collect evidence about the infected systems used by Tibetan exiles. It was in the second stage of the inquiry, when they were analysing the data, that they uncovered the network of compromised computers.

The IWM report said in its summary: "The GhostNet system directs infected computers to download a Trojan known as Ghost Rat that allows attackers to gain complete, real-time control. These instances of Ghost Rat are consistently controlled from commercial internet access accounts located on the island of Hainan, in the People’s Republic of China."

The researchers said GhostNet was spread using classic malware techniques. "Contextually relevant emails are sent to specific targets with attached documents that are packed with exploit code and Trojan horse programmes designed to take advantage of vulnerabilities in software installed on the target’s computer.

"Once compromised, files located on infected computers may be mined for contact information, and used to spread malware through e-mail and document attachments that appear to come from legitimate sources, and contain legitimate documents and messages."

Two researchers at Cambridge University who worked on the part of the investigation related to the Tibetans are releasing their own report. In an online abstract for The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement, Shishir Nagaraja and Ross Anderson wrote that while malware attacks are not new, these attacks should be noted for their ability to collect "actionable intelligence for use by the police and security services of a repressive state, with potentially fatal consequences for those exposed".


iVillage Member
Registered: 03-18-2000
Mon, 03-30-2009 - 11:14am

What should we make of this Chinese cyber-spy story?

Yesterday's story in the New York Times about "GhostNet," the Chinese-based computer spying network that has apparently penetrated some 1,295 computers in more than 100 countries around the world, obviously raises this big question: Was the Chinese government behind it, or not? Three of the four servers that hosted GhostNet were apparently inside China (the fourth was in California), and many of the targets were involved one way or another in Free-Tibet activities or other causes opposed by the Chinese government. Wouldn't it have to have been the ChiComs? More...
http://jamesfallows.theatlantic.com/archives/2009/03/how_should_we_feel_about_this.php

The snooping dragon: social-malware surveillance of the Tibetan movement
In this note we document a case of malware-based electronic surveillance of a political organisation by the agents of a nation state. While malware attacks are not new, two aspects of this case make it worth serious study. First, it was a targeted surveillance attack designed to collect actionable intelligence for use by the police and security services of a repressive state, with potentially fatal consequences for those exposed. Second, the modus operandi combined social phishing with high-grade malware. This combination of well-written malware with well-designed email lures, which we call social malware, is devastatingly effective.
More... http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-746.html


iVillage Member
Registered: 05-23-2008
Mon, 03-30-2009 - 11:31am
It's getting scary, isn't it?